Cyber Resilience

CVE-2026-7094

Severity: Medium · Public PoC

Published: 27 April 2026
Modified: 01 May 2026
KEV Added: not listed
Patch: none disclosed
CVSS Score v4: 5.5 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0008 (24.6th percentile)
Risk Priority: 11 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-7094 is a medium-severity server-side request forgery (SSRF, CWE-918) vulnerability in ShadowCloneLabs GlutamateMCPServers. Its CVSS v4 base score is 5.5 (Medium).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 24.6th percentile by exploit likelihood (EPSS, below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2026-7094 is a server-side request forgery (SSRF) vulnerability affecting ShadowCloneLabs GlutamateMCPServers up to commit e2de73280b01e5d943593dd1aa2c01c5b9112f78. The issue lies in an unspecified function within the file src/puppeteer/index.ts, part of the puppeteer_navigate component, where manipulation of the url argument triggers the flaw. The project uses a rolling release model, so no specific affected or patched version numbers are available.

Remote attackers can exploit this vulnerability without any privileges or user interaction (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L, score 7.3) by supplying a malicious url argument. Successful exploitation has a limited impact on confidentiality, integrity, and availability: the attacker can make the server issue requests to destinations of their choosing.

Advisories note that the project was informed early via an issue report but has not responded. No patches or mitigations are disclosed due to the rolling release system. Relevant references include the project's GitHub repository, the notification issue, a public exploit disclosure, and VulDB entries detailing the submission and vulnerability.


Vulnerability details

A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteer_navigate. Executing a manipulation of the argument url can lead to server-side request forgery. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.

CWE(s): CWE-918 Server-Side Request Forgery (SSRF)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1046 Network Service Discovery (Discovery): Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.
Why these techniques?

SSRF in a public-facing application enables remote, unauthenticated exploitation (T1190); forging requests from the server to arbitrary destinations facilitates discovery of internal network services (T1046).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-13924 (shared CWE-918)
CVE-2026-42860 (shared CWE-918)
CVE-2025-25785 (shared CWE-918)
CVE-2024-53705 (shared CWE-918)
CVE-2026-5418 (shared CWE-918)
CVE-2026-45082 (shared CWE-918)
CVE-2026-7065 (shared CWE-918)
CVE-2025-55150 (shared CWE-918)
CVE-2025-28091 (shared CWE-918)
CVE-2025-1849 (shared CWE-918)

Affected Assets

Vendor: shadowclonelabs
Product: glutamate mcp servers
Affected versions: ≤ 2025-06-26

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

Input validation (prevent): Directly prevents SSRF by validating the user-supplied 'url' argument in src/puppeteer/index.ts to ensure it conforms to expected safe formats and destinations before navigation.

SC-7 Boundary Protection (prevent, detect): Controls and monitors outbound communications at system boundaries to block forged server-side requests to arbitrary or internal destinations via the vulnerable puppeteer_navigate component.

AC-4 Information Flow Enforcement (prevent): Enforces information flow control policies restricting server-initiated requests to authorized destinations only, mitigating unauthorized SSRF exploitation.
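The first control above calls for validating the url argument before a navigate-style tool hands it to the browser. The following is an added example of such a check, written for this page and not taken from the GlutamateMCPServers project; the function name, the host allowlist and the blocked-host set are assumptions.

```typescript
// Added example, not the project's code: validate a navigate-style tool's
// `url` argument before the browser is pointed at it. Rejects non-HTTP
// schemes, embedded credentials, loopback/private/link-local addresses,
// and any host outside a caller-supplied allowlist.
import { isIP } from "node:net";

type UrlCheck = { ok: boolean; reason: string };

// Constructed for this example; extend for the deployment's own environment.
const BLOCKED_HOSTS = new Set(["localhost", "metadata.google.internal"]);

function isPrivateIPv4(ip: string): boolean {
  const [a, b] = ip.split(".").map(Number);
  return a === 0 || a === 10 || a === 127 ||
    (a === 169 && b === 254) ||            // link-local, incl. cloud metadata endpoints
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168);
}

function isPrivateIPv6(ip: string): boolean {
  const h = ip.toLowerCase();
  // ::ffff: is IPv4-mapped; reject outright rather than re-parsing the v4 part.
  return h === "::1" || h === "::" || h.startsWith("fc") || h.startsWith("fd") ||
    h.startsWith("fe80") || h.startsWith("::ffff:");
}

function checkNavigationUrl(raw: string, allowedHosts: string[]): UrlCheck {
  let u: URL;
  try { u = new URL(raw); } catch { return { ok: false, reason: "unparseable url" }; }
  // The WHATWG parser normalises hosts such as 0x7f000001 to 127.0.0.1,
  // so the IP checks below see the canonical form.
  if (u.protocol !== "http:" && u.protocol !== "https:") {
    return { ok: false, reason: `scheme ${u.protocol} not allowed` };
  }
  if (u.username || u.password) return { ok: false, reason: "credentials in url" };
  const host = u.hostname.replace(/^\[|\]$/g, "");   // strip IPv6 brackets
  if (BLOCKED_HOSTS.has(host)) return { ok: false, reason: "blocked host" };
  const ver = isIP(host);
  if (ver === 4 && isPrivateIPv4(host)) return { ok: false, reason: "private ipv4" };
  if (ver === 6 && isPrivateIPv6(host)) return { ok: false, reason: "private ipv6" };
  // Exact match or subdomain of an allowlisted host; IP literals never match.
  const allowed = allowedHosts.some((a) => host === a || host.endsWith("." + a));
  if (!allowed) return { ok: false, reason: "host not on allowlist" };
  return { ok: true, reason: "allowed" };
}
```

A hostname check never sees where a name actually resolves, so pair it with egress restriction at the network boundary (SC-7) rather than relying on it alone.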
